Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2013-04-20 17:49:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxml2", Maintainer is "vci...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2013-03-22 11:56:16.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2013-04-20 17:49:24.000000000 +0200 @@ -1,0 +2,6 @@ +Thu Apr 18 14:07:49 UTC 2013 - vci...@suse.com + +- fix for CVE-2013-1969 (bnc#815665) + * libxml2-CVE-2013-1969.patch + +------------------------------------------------------------------- New: ---- libxml2-CVE-2013-1969.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxml2.spec ++++++ --- /var/tmp/diff_new_pack.8fzHuX/_old 2013-04-20 17:49:26.000000000 +0200 +++ /var/tmp/diff_new_pack.8fzHuX/_new 2013-04-20 17:49:26.000000000 +0200 @@ -32,6 +32,7 @@ # PATCH-FIX-UPSTREAM CVE-2012-5134 (bnc#793334) Patch1: libxml2-2.9.0-CVE-2012-5134.patch Patch4: libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch +Patch5: libxml2-CVE-2013-1969.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: pkg-config BuildRequires: readline-devel @@ -128,6 +129,7 @@ %patch0 %patch1 -p1 %patch4 -p1 +%patch5 -p1 %build %configure --disable-static \ ++++++ libxml2-CVE-2013-1969.patch ++++++ >From de0cc20c29cb3f056062925395e0f68d2250a46f Mon Sep 17 00:00:00 2001 From: Daniel Veillard <veill...@redhat.com> Date: Tue, 12 Feb 2013 08:55:34 +0000 Subject: Fix some buffer conversion issues https://bugzilla.gnome.org/show_bug.cgi?id=690202 Buffer overflow errors originating from xmlBufGetInputBase in 2.9.0 The pointers from the context input were not properly reset after that call which can do reallocations. --- diff --git a/HTMLparser.c b/HTMLparser.c index a533f37..6b83654 100644 --- a/HTMLparser.c +++ b/HTMLparser.c 
@@ -6054,6 +6054,8 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, const char *chunk, int size, if ((in->encoder != NULL) && (in->buffer != NULL) && (in->raw != NULL)) { int nbchars; + size_t base = xmlBufGetInputBase(in->buffer, ctxt->input); + size_t current = ctxt->input->cur - ctxt->input->base; nbchars = xmlCharEncInput(in); if (nbchars < 0) { @@ -6061,6 +6063,7 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, const char *chunk, int size, "encoder error\n", NULL, NULL); return(XML_ERR_INVALID_ENCODING); } + xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current); } } } diff --git a/parser.c b/parser.c index 31f90d6..1c99051 100644 --- a/parser.c +++ b/parser.c @@ -12126,7 +12126,7 @@ xmldecl_done: remain = 0; } } - res =xmlParserInputBufferPush(ctxt->input->buf, size, chunk); + res = xmlParserInputBufferPush(ctxt->input->buf, size, chunk); if (res < 0) { ctxt->errNo = XML_PARSER_EOF; ctxt->disableSAX = 1; @@ -12143,6 +12143,8 @@ xmldecl_done: if ((in->encoder != NULL) && (in->buffer != NULL) && (in->raw != NULL)) { int nbchars; + size_t base = xmlBufGetInputBase(in->buffer, ctxt->input); + size_t current = ctxt->input->cur - ctxt->input->base; nbchars = xmlCharEncInput(in); if (nbchars < 0) { @@ -12151,6 +12153,7 @@ xmldecl_done: "xmlParseChunk: encoder error\n"); return(XML_ERR_INVALID_ENCODING); } + xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current); } } } @@ -12190,7 +12193,14 @@ xmldecl_done: } if ((end_in_lf == 1) && (ctxt->input != NULL) && (ctxt->input->buf != NULL)) { + size_t base = xmlBufGetInputBase(ctxt->input->buf->buffer, + ctxt->input); + size_t current = ctxt->input->cur - ctxt->input->base; + xmlParserInputBufferPush(ctxt->input->buf, 1, "\r"); + + xmlBufSetInputBaseCur(ctxt->input->buf->buffer, ctxt->input, + base, current); } if (terminate) { /* -- cgit v0.9.1 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
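Review bot: The two locals added in HTMLparser.c @@ -6054 carry no comment explaining why `base` and `current` are captured as offsets rather than kept as pointers, and the same pair is repeated in parser.c @@ -12143 and @@ -12190. I would add above them `/* xmlCharEncInput() may reallocate in->buffer: keep base/cur as offsets and re-derive the pointers afterwards */`, so the pairing with the later `xmlBufSetInputBaseCur` call is not lost in a future edit. The enclosing block of htmlParseChunk starts and ends outside the hunk.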
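Review bot: The added `xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);` in HTMLparser.c @@ -6061 sits after the `nbchars < 0` early return, so on an encoder error the function returns without re-deriving `ctxt->input->base` and `cur`. If xmlCharEncInput has already grown or moved the buffer before it fails (the commit message says this call can reallocate), the context keeps stale pointers that any later use of the parser context would read through. Placing the restore directly after `nbchars = xmlCharEncInput(in);` and before the `if (nbchars < 0)` check closes that path. parser.c @@ -12151 has the same ordering and needs the same move.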
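Review bot: The result of `xmlParserInputBufferPush(ctxt->input->buf, 1, "\r")` is still discarded in parser.c @@ -12190, and the new `xmlBufSetInputBaseCur` call then runs whether or not the push succeeded. The other push visible in this file (@@ -12126) checks `res < 0` and sets `ctxt->errNo` and `ctxt->disableSAX`. I would test it here as well, `if (xmlParserInputBufferPush(ctxt->input->buf, 1, "\r") < 0)`, and take the same error path as the earlier push, after the restore so the context stays consistent. The value returned by `xmlBufGetInputBase` is also used unchecked; its failure value is not visible on this page, so confirm it against the helper's definition.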